Featured Slideshow

In a Dallas courtroom on Thursday, writer and activist Barrett Brown was sentenced to 63 months in prison and was ordered to pay a little more than $890,000 in restitution and fines, according to reports.

Upcoming Live Events

Be sure to stay tuned for breaking news on our 2015 conference and expo, which promises to deliver even more innovative programming and an enhanced showcase of the latest cyber security solutions you must see.

Canada reacts: Consequences of NSA revelations

How are the latest NSA spying revelations affecting Canadians' use of the internet? Danny Bradbury finds out.

Ann Cavoukian, the information and privacy commissioner for the province of Ontario, has a name for what the National Security Agency (NSA) has done – following revelations earlier this month about systematic anti-encryption measures by the intelligence organization which operates under the jurisdiction of the U.S. Department of Defense. “I call it surveillance by design, because they are intentionally designing the system so that they can easily surveil, and have a backdoor by whichever means they want,” she says.

Cavoukian uses these words carefully. She invented Privacy by Design, a method of protecting privacy by building core principles into new technologies. Developed in the 1990s, it was adopted as an international standard by data protection and privacy commissioners in 2010.

But revelations in the U.K. and U.S. media that the NSA has deliberately introduced weaknesses into cryptographic tools and standards for more than a decade makes this a difficult concept to follow these days.

"A lot of Canadian internet traffic happens via the U.S.”

– Dragos Ruiu, founder of the CanSecWest conference

We already knew about PRISM, a project that saw the NSA accessing data stored on cloud-based services in the United States. Under the more recently discovered Project Bullrun, the NSA worked deliberately with technology vendors to introduce weaknesses in the implementations of encryption technologies, according to documents supplied by whistleblower Edward Snowden, a former NSA contract employee.

Canadians have a right to be concerned about the latest revelations, says James Arlen, senior security adviser with Leviathan Security Group in Canada. “For everyone who has had their tin foil hat screwed on real tight, we believe you now,” he says. “You're only paranoid when there's no one out to get you.”

Now that we know for sure U.S. spy agencies have been secretly subverting the basis of our communications, what next? Do we need to take any more measures north of the border? Unfortunately, simply storing it here may no longer be enough.

Companies have long known about the dangers to data stored on U.S. soil – or in other countries using servers owned by U.S. corporations. The USA Patriot Act, signed into law in response to the attacks of Sept. 11, made it far easier for authorities to co-opt that data, and serve a service provider with a gag order preventing them from talking about it.

Until now, the idea was that by storing data with a Canadian cloud service provider, Canadian companies and individuals could avoid having the data pilfered by authorities south of the border. But Dragos Ruiu, a Canadian security consultant and founder of the CanSecWest conference, which focuses on applied digital security, is not so sure.

“There is a lot of talk right now about boomerang routing,” he says. “A lot of Canadian internet traffic happens via the U.S., even if it's between different points in Canada.”

THE LATEST ISSUE

THE LATEST ISSUE

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.